Password Auditing
Welcome123!
Password policies are often the first line of defence against attackers, but are they effective? That one isn't, and it's a fair guess that someone, maybe even a developer or administrator, has set it for a privileged user or system and it has never been changed.
Remember that printer that was installed in 2017? It's still there, it's on the domain and still using the default password. It is not unheard of for printers to be used as a foothold into a network.
What about that admin account that was created for a contractor that left 3 years ago?...
That isn't hyperbole. We've seen it happen, and far too often. A bad password in the wrong place can trigger a cascade of events that leads to a compromise of your entire domain without the attacker ever having to use malware.
Implementing a password policy is a good start, but it's not enough. You need to test it and understand how far your organisation is still exposed and where. That's where we come in.
We will use powerful custom hardware to attempt to crack your users' passwords, typically domain credentials. From this we can provide you with a custom report detailing exposure by department, operating unit or any other grouping you require.
Additionally, we will search breached password databases to identify any credentials that have been compromised and where the same password is in use across multiple services. Passwords from data breaches are often analysed by attackers and used in targeted online and offline password attacks.
NOTE: This service can be combined with other services such as Phishing and Open Source Intelligence (OSINT) to provide a more holistic approach to testing your security policies, controls and exposure. This service is also built into Active Directory (AD) assessments.